Hi!
When I came back from my holiday, my sister showed me this email she got:
< START >
Received: from [172.20.1.104] (helo=mailgate6.cinetic.de) by mx06.web.de with esmtp (WEB.DE(Exim) 4.75 #2) id 17hHVy-0004sp-01 for grundwasser16@web.de; Wed, 21 Aug 2002 00:30:18 +0200
Received: from hotmail.com (f176.law11.hotmail.com [64.4.17.176]) by mailgate6.cinetic.de (8.11.2/8.11.2/WEBDE Linux 8.11.0-0.2) with ESMTP id g7KLA2w06138 for ; Tue, 20 Aug 2002 23:10:02 +0200
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 20 Aug 2002 14:09:58 -0700
Received: from 217.233.67.236 by lw11fd.law11.hotmail.msn.com with HTTP; Tue, 20 Aug 2002 21:09:58 GMT
X-Originating-IP: [217.233.67.236]
From: "R K"
To: grundwasser16@web.de
Subject: Hallo Sissy... !!!!
Date: Tue, 20 Aug 2002 23:09:58 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID:
X-OriginalArrivalTime: 20 Aug 2002 21:09:58.0686 (UTC) FILETIME=[F0C583E0:01C2488D]
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by mailgate6.cinetic.de id g7KLA2w06138

So, how's the boyfriend doing???
Well, never mind, at 17 everything is still open, and maybe something proper
will turn up while chatting.
Or is nothing going on where you live in Lorch?? I could give you a call some time:
071xx/9155xx
What do you do when you're not surfing the Internet and leaving your traces
behind???
How did the Mittlere Reife go? Got through it all right??
Well, anyone who always watches "Wer wird Millionär" can't be bad at
all... grin...
You should have a SERIOUS talk with Mario; after all, he is supposed to be
"in the trade"...
Maybe he knows WHERE I GOT ALL YOUR DATA FROM, EVEN THOUGH I AM HUNDREDS
OF KM AWAY!!!!!!
THINK SAFE!!!
KEEP YOUR PC SAFE!!!!
Greetzzzz from HACKerKinG
PS I have never chatted with you, nor do I know you in any
way ... AND STILL NOTHING HERE IS FICTITIOUS!
Remember, BIG BROTHER IS WATCHING YOU!!
Ask for more!!!!!
... and you'll get the answer
_________________________________________________________________
With MSN Fotos you can easily print your photos and share them with
friends: http://photos.msn.de
< STOP >
I am running 2 PCs, SuSE 7.3 (PDC, Web, Mail, edonkey, ircd; not updated for
23 days) and SuSE 7.2 (SuSEfirewall2; not updated for 13 days).
I could not find anything interesting in my logfiles. It seems like he never
touched my server, but if he really got in I would not find the tracks
anyway; he will have removed them.
But I doubt that he is a professional. His name looks like a script
kiddie's, and his mail address at Hotmail is a sign of a script kiddie, too.
No logs from a network scanner, nothing. I hope that he just got in contact
with the w2k client, not with my servers.
The w2k SP2 workstation that my sister works on was not infected by a
trojan (scanned by Norton AntiVirus 2002).
What do I do next? How can I detect my security hole?
I want to find the hole before I install my servers again.
Any tip or hint would be great!
Thanks!
Mario Ohnewald
P.S. I hope I have told you everything you have to know.